Commit b1a597e0 authored by Ondřej Zajíček's avatar Ondřej Zajíček

Reimplementation of prefix sets.

Prefix sets were broken beyond any repair and have to be reimplemented.
They are reimplemented using a trie with bitmasks in nodes.
There is also change in the interpretation of minus prefix pattern,
but the old interpretation was already inconsistent with
the documentation and broken.

There is also some bugfixes in filter code related to set variables.
parent 1733d080
......@@ -34,6 +34,7 @@ CF_DECLS
struct f_inst *x;
struct filter *f;
struct f_tree *e;
struct f_trie *trie;
struct f_val v;
struct f_path_mask *h;
struct password_item *p;
......
......@@ -508,12 +508,33 @@ incompatible with each other (that is to prevent you from shooting in the foot).
Filters recognize four types of sets. Sets are similar to strings: you can pass them around
but you can't modify them. Literals of type <cf>set int</cf> look like <cf>
[ 1, 2, 5..7 ]</cf>. As you can see, both simple values and ranges are permitted in
sets. Sets of prefixes are special: you can specify which prefix lengths should match them by
using <cf>[ 1.0.0.0/8+, 2.0.0.0/8-, 3.0.0.0/8{5,6} ]</cf>. <cf>3.0.0.0/8{5,6}</cf> matches
prefixes <cf/3.X.X.X/ whose prefix length is 5 to 6. <cf><m>address</m>/<m>num</m>+</cf> is a shorthand for <cf><m>address</m>/{0,<m/num/}</cf>,
<cf><m>address</m>/<m/num/-</cf> is a shorthand for <cf><m>address</m>/{0,<m/num-1/}</cf>. For example,
<cf>1.2.0.0/16 &tilde; [ 1.0.0.0/8{ 15 , 17 } ]</cf> is true, but
<cf>1.0.0.0/8 &tilde; [ 1.0.0.0/8- ]</cf> is false.
sets.
Sets of prefixes are special: their literals does not allow ranges, but allows
prefix patterns that are written as <cf><M>ipaddress</M>/<M>pxlen</M>{<M>low</M>,<M>high</M>}</cf>.
Prefix <cf><m>ip1</m>/<m>len1</m></cf> matches prefix pattern <cf><m>ip2</m>/<m>len2</m>{<m>l</m>, <m>h</m>}</cf> iff
the first <cf>min(len1, len2)</cf> bits of <cf/ip1/> and <cf/ip2/ are identical and <cf>len1 &le; ip1 &le; len2</cf>.
A valid prefix pattern has to satisfy <cf/low &le; high/, but <cf/pxlen> is not constrained by <cf/low/
or <cf/high/. Obviously, a prefix matches a prefix set literal iff it matches any prefix pattern in the
prefix set literal.
There are also two shorthands for prefix patterns: <cf><m>address</m>/<m/len/+</cf> is a shorthand for
<cf><m>address</m>/<m/len/{<m/len/,<m/maxlen/}</cf> (where <cf><m>maxlen</m></c> is 32 for IPv4 and 128 for IPv6),
that means prefix <cf><m>address</m>/<m/len/</cf> and all its subprefixes. <cf><m>address</m>/<m/len/-</cf>
is a shorthand for <cf><m>address</m>/<m/len/{0,<m/len/}</cf>, that means prefix <cf><m>address</m>/<m/len/</cf>
and all its superprefixes (prefixes that contain it).
For example, <cf>[ 1.0.0.0/8, 2.0.0.0/8+, 3.0.0.0/8-, 4.0.0.0/8{16,24} ]</cf> matches
prefix <cf>1.0.0.0/8</cf>, all subprefixes of <cf>2.0.0.0/8</cf>, all superprefixes of <cf>3.0.0.0/8</cf> and prefixes
<cf/4.X.X.X/ whose prefix length is 16 to 24. <cf>[ 0.0.0.0/0{20,24} ]</cf> matches all prefixes (regardless of
IP address) whose prefix length is 20 to 24, <cf>[ 1.2.3.4/32- ]</cf> matches any prefix that contains IP address
<cf>1.2.3.4</cf>. <cf>1.2.0.0/16 &tilde; [ 1.0.0.0/8{ 15 , 17 } ]</cf> is true,
but <cf>1.0.0.0/16 &tilde; [ 1.0.0.0/8- ]</cf> is false.
Cisco-style patterns like <cf>10.0.0.0/8 ge 16 le 24</cf> can be expressed
in Bird as <cf>10.0.0.0/8{16,24}</cf>, <cf>192.168.0.0/16 le 24</cf> as
<cf>192.168.0.0/16{16,24}</cf> and <cf>192.168.0.0/16 ge 24</cf> as
<cf>192.168.0.0/16{24,32}</cf>.
<tag/enum/
Enumeration types are fixed sets of possibilities. You can't define your own
......
H Filters
S filter.c
S tree.c
S trie.c
\ No newline at end of file
source=f-util.c filter.c tree.c
source=f-util.c filter.c tree.c trie.c
root-rel=../
dir-name=filter
......
......@@ -36,6 +36,7 @@ CF_KEYWORDS(FUNCTION, PRINT, PRINTN, UNSET, RETURN,
%type <f> filter filter_body where_filter
%type <i> type break_command pair
%type <e> set_item set_items switch_body
%type <trie> fprefix_set
%type <v> set_atom fprefix fprefix_s fipa
%type <s> decls declsn one_decl function_params
%type <h> bgp_path bgp_path_tail1 bgp_path_tail2
......@@ -69,12 +70,20 @@ type:
| CLIST { $$ = T_CLIST; }
| type SET {
switch ($1) {
case T_INT:
case T_IP:
case T_PAIR:
$$ = T_SET;
break;
case T_PREFIX:
$$ = T_PREFIX_SET;
break;
default:
cf_error( "You can't create sets of this type." );
case T_INT: case T_IP: case T_PREFIX: case T_PAIR: ;
}
$$ = $1 | T_SET;
}
}
;
one_decl:
......@@ -201,20 +210,6 @@ pair:
/*
* Complex types, their bison value is struct f_val
*/
fprefix_s:
IPA '/' NUM %prec '/' {
if (!ip_is_prefix($1, $3)) cf_error("Invalid network prefix: %I/%d.", $1, $3);
$$.type = T_PREFIX; $$.val.px.ip = $1; $$.val.px.len = $3;
}
;
fprefix:
fprefix_s { $$ = $1; }
| fprefix_s '+' { $$ = $1; $$.val.px.len |= LEN_PLUS; }
| fprefix_s '-' { $$ = $1; $$.val.px.len |= LEN_MINUS; }
| fprefix_s '{' NUM ',' NUM '}' { $$ = $1; $$.val.px.len |= LEN_RANGE | ($3 << 16) | ($5 << 8); }
;
fipa:
IPA %prec PREFIX_DUMMY { $$.type = T_IP; $$.val.px.ip = $1; }
;
......@@ -223,7 +218,6 @@ set_atom:
NUM { $$.type = T_INT; $$.val.i = $1; }
| pair { $$.type = T_PAIR; $$.val.i = $1; }
| fipa { $$ = $1; }
| fprefix { $$ = $1; }
| ENUM { $$.type = $1 >> 16; $$.val.i = $1 & 0xffff; }
;
......@@ -231,18 +225,12 @@ set_item:
set_atom {
$$ = f_new_tree();
$$->from = $1;
if ($1.type != T_PREFIX)
$$->to = $1;
else {
$$->to = $1;
$$->to.val.px.ip = ipa_or( $$->to.val.px.ip, ipa_not( ipa_mkmask( $$->to.val.px.len ) ));
}
$$->to = $1;
}
| set_atom '.' '.' set_atom {
$$ = f_new_tree();
$$->from = $1;
$$->to = $4;
if (($1.type == T_PREFIX) || ($4.type == T_PREFIX)) cf_error( "You can't use prefixes for range." );
}
;
......@@ -251,6 +239,28 @@ set_items:
| set_items ',' set_item { $$ = $3; $$->left = $1; }
;
fprefix_s:
IPA '/' NUM %prec '/' {
if (($3 < 0) || ($3 > MAX_PREFIX_LENGTH) || !ip_is_prefix($1, $3)) cf_error("Invalid network prefix: %I/%d.", $1, $3);
$$.type = T_PREFIX; $$.val.px.ip = $1; $$.val.px.len = $3;
}
;
fprefix:
fprefix_s { $$ = $1; }
| fprefix_s '+' { $$ = $1; $$.val.px.len |= LEN_PLUS; }
| fprefix_s '-' { $$ = $1; $$.val.px.len |= LEN_MINUS; }
| fprefix_s '{' NUM ',' NUM '}' {
if (! ((0 <= $3) && ($3 <= $5) && ($5 <= MAX_PREFIX_LENGTH))) cf_error("Invalid prefix pattern range: {%d, %d}.", $3, $5);
$$ = $1; $$.val.px.len |= LEN_RANGE | ($3 << 16) | ($5 << 8);
}
;
fprefix_set:
fprefix { $$ = f_new_trie(); trie_add_prefix($$, &($1.val.px)); }
| fprefix_set ',' fprefix { $$ = $1; trie_add_prefix($$, &($3.val.px)); }
;
switch_body: /* EMPTY */ { $$ = NULL; }
| set_item ':' cmds switch_body {
$$ = $1;
......@@ -294,6 +304,7 @@ constant:
| fipa { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; *val = $1; }
| fprefix_s {NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; *val = $1; }
| '[' set_items ']' { DBG( "We've got a set here..." ); $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_SET; $$->a2.p = build_tree($2); DBG( "ook\n" ); }
| '[' fprefix_set ']' { $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_PREFIX_SET; $$->a2.p = $2; }
| ENUM { $$ = f_new_inst(); $$->code = 'c'; $$->aux = $1 >> 16; $$->a2.i = $1 & 0xffff; }
| bgp_path { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; val->type = T_PATH_MASK; val->val.path_mask = $1; $$->a1.p = val; }
;
......@@ -374,12 +385,16 @@ term:
case SYM_IPA:
{ NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; val->type = T_IP; val->val.px.ip = * (ip_addr *) ($1->def); }
break;
case SYM_VARIABLE | T_BOOL:
case SYM_VARIABLE | T_INT:
case SYM_VARIABLE | T_PAIR:
case SYM_VARIABLE | T_PREFIX:
case SYM_VARIABLE | T_STRING:
case SYM_VARIABLE | T_IP:
case SYM_VARIABLE | T_PATH_MASK:
case SYM_VARIABLE | T_PREFIX:
case SYM_VARIABLE | T_PREFIX_SET:
case SYM_VARIABLE | T_SET:
case SYM_VARIABLE | T_PATH:
case SYM_VARIABLE | T_PATH_MASK:
case SYM_VARIABLE | T_CLIST:
$$->code = 'C';
$$->a1.p = $1->def;
......
......@@ -145,6 +145,25 @@ val_compare(struct f_val v1, struct f_val v2)
}
}
void
f_prefix_get_bounds(struct f_prefix *px, int *l, int *h)
{
*l = *h = px->len & LEN_MASK;
if (px->len & LEN_MINUS)
*l = 0;
else if (px->len & LEN_PLUS)
*h = MAX_PREFIX_LENGTH;
else if (px->len & LEN_RANGE)
{
*l = 0xff & (px->len >> 16);
*h = 0xff & (px->len >> 8);
}
}
/*
* val_simple_in_range - check if @v1 ~ @v2 for everything except sets
*/
......@@ -162,21 +181,21 @@ val_simple_in_range(struct f_val v1, struct f_val v2)
return !(ipa_compare(ipa_and(v2.val.px.ip, ipa_mkmask(v2.val.px.len)), ipa_and(v1.val.px.ip, ipa_mkmask(v2.val.px.len))));
if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX)) {
ip_addr mask;
if (v1.val.px.len & (LEN_PLUS | LEN_MINUS | LEN_RANGE))
return CMP_ERROR;
mask = ipa_mkmask( v2.val.px.len & LEN_MASK );
int p1 = v1.val.px.len & LEN_MASK;
int p2 = v2.val.px.len & LEN_MASK;
ip_addr mask = ipa_mkmask(MIN(p1, p2));
if (ipa_compare(ipa_and(v2.val.px.ip, mask), ipa_and(v1.val.px.ip, mask)))
return 0;
if ((v2.val.px.len & LEN_MINUS) && (v1.val.px.len <= (v2.val.px.len & LEN_MASK)))
return 0;
if ((v2.val.px.len & LEN_PLUS) && (v1.val.px.len < (v2.val.px.len & LEN_MASK)))
return 0;
if ((v2.val.px.len & LEN_RANGE) && ((v1.val.px.len < (0xff & (v2.val.px.len >> 16)))
|| (v1.val.px.len > (0xff & (v2.val.px.len >> 8)))))
return 0;
return 1;
int l, h;
f_prefix_get_bounds(&v2.val.px, &l, &h);
return ((l <= v1.val.px.len) && (v1.val.px.len <= h));
}
return CMP_ERROR;
}
......@@ -199,6 +218,9 @@ val_in_range(struct f_val v1, struct f_val v2)
if (res != CMP_ERROR)
return res;
if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX_SET))
return trie_match_prefix(v2.val.ti, &v1.val.px);
if (v2.type == T_SET)
switch (v1.type) {
case T_ENUM:
......@@ -248,6 +270,7 @@ val_print(struct f_val v)
case T_IP: PRINTF( "%I", v.val.px.ip ); break;
case T_PREFIX: PRINTF( "%I/%d", v.val.px.ip, v.val.px.len ); break;
case T_PAIR: PRINTF( "(%d,%d)", v.val.i >> 16, v.val.i & 0xffff ); break;
case T_PREFIX_SET: trie_print(v.val.ti, buf, 2040); break;
case T_SET: tree_print( v.val.t ); PRINTF( "\n" ); break;
case T_ENUM: PRINTF( "(enum %x)%d", v.type, v.val.i ); break;
case T_PATH: as_path_format(v.val.ad, buf2, 1020); PRINTF( "(path %s)", buf2 ); break;
......@@ -430,13 +453,17 @@ interpret(struct f_inst *what)
switch (res.type = v2.type) {
case T_VOID: runtime( "Can't assign void values" );
case T_ENUM:
case T_INT:
case T_IP:
case T_PREFIX:
case T_PAIR:
case T_BOOL:
case T_INT:
case T_PAIR:
case T_STRING:
case T_IP:
case T_PREFIX:
case T_PREFIX_SET:
case T_SET:
case T_PATH:
case T_CLIST:
case T_PATH_MASK:
case T_CLIST:
if (sym->class != (SYM_VARIABLE | v2.type))
runtime( "Assigning to variable of incompatible type" );
* (struct f_val *) sym->def = v2;
......@@ -447,10 +474,12 @@ interpret(struct f_inst *what)
break;
/* some constants have value in a2, some in *a1.p, strange. */
case 'c': /* integer (or simple type) constant, or string, or set */
case 'c': /* integer (or simple type) constant, string, set, or prefix_set */
res.type = what->aux;
if (res.type == T_SET)
if (res.type == T_PREFIX_SET)
res.val.ti = what->a2.p;
else if (res.type == T_SET)
res.val.t = what->a2.p;
else if (res.type == T_STRING)
res.val.s = what->a2.p;
......@@ -818,16 +847,21 @@ i_same(struct f_inst *f1, struct f_inst *f2)
break;
case 'c':
if (f1->aux & T_SET) {
switch (f1->aux) {
case T_PREFIX_SET:
if (!trie_same(f1->a2.p, f2->a2.p))
return 0;
case T_SET:
if (!same_tree(f1->a2.p, f2->a2.p))
return 0;
break;
}
switch (f1->aux) {
case T_STRING:
if (strcmp(f1->a2.p, f2->a2.p))
return 0;
break;
default:
A2_SAME;
}
......
......@@ -50,6 +50,7 @@ struct f_val {
struct f_prefix px;
char *s;
struct f_tree *t;
struct f_trie *ti;
struct adata *ad;
struct f_path_mask *path_mask;
} val;
......@@ -69,6 +70,12 @@ struct f_tree *build_tree(struct f_tree *);
struct f_tree *find_tree(struct f_tree *t, struct f_val val);
int same_tree(struct f_tree *t1, struct f_tree *t2);
struct f_trie *f_new_trie(void);
void trie_add_prefix(struct f_trie *t, struct f_prefix *px);
int trie_match_prefix(struct f_trie *t, struct f_prefix *px);
int trie_same(struct f_trie *t1, struct f_trie *t2);
int trie_print(struct f_trie *t, char *buf, int blen);
struct ea_list;
struct rte;
......@@ -128,6 +135,7 @@ void val_print(struct f_val v);
#define T_RETURN 0x40
#define T_SET 0x80
#define T_PREFIX_SET 0x81
struct f_tree {
struct f_tree *left, *right;
......@@ -135,6 +143,19 @@ struct f_tree {
void *data;
};
struct f_trie_node
{
ip_addr addr, mask, accept;
int plen;
struct f_trie_node *c[2];
};
struct f_trie
{
int zero;
struct f_trie_node root;
};
#define NEW_F_VAL struct f_val * val; val = cfg_alloc(sizeof(struct f_val));
#define FF_FORCE_TMPATTR 1 /* Force all attributes to be temporary */
......
......@@ -100,10 +100,25 @@ function __test2()
} reject;
}
function test_pxset(prefix set pxs)
{
print " must be true: ", 10.0.0.0/8 ~ pxs, ",", 10.0.0.0/10 ~ pxs, ",", 10.0.0.0/12 ~ pxs, ",",
20.0.0.0/24 ~ pxs, ",", 20.0.40.0/24 ~ pxs, ",", 20.0.0.0/26 ~ pxs, ",",
20.0.100.0/26 ~ pxs, ",", 20.0.0.0/28 ~ pxs, ",", 20.0.255.0/28 ~ pxs;
print " must be false: ", 10.0.0.0/7 ~ pxs, ",", 10.0.0.0/13 ~ pxs, ",", 10.0.0.0/16 ~ pxs, ",",
20.0.0.0/16 ~ pxs, ",", 20.0.0.0/23 ~ pxs, ",", 20.0.0.0/29 ~ pxs, ",",
11.0.0.0/10 ~ pxs, ",", 20.1.0.0/26 ~ pxs;
}
function __startup()
int i;
bool b;
prefix px;
ip p;
pair pp;
int set is;
prefix set pxs;
string s;
{
print "Testing filter language:";
i = four;
......@@ -118,20 +133,37 @@ ip p;
if 1234 = i then printn "."; else { print "*** FAIL: if 1 else"; }
# if 1 <= 1 then printn "."; else { print "*** FAIL: test 3"; }
if 1234 < 1234 then { print "*** FAIL: test 4"; quitbird; } else print "ok";
is = [ 2, 3, 4, 7..11 ];
print " must be true: ", 1.2.0.0/16 ~ [ 1.0.0.0/8{ 15 , 17 } ];
print " data types; must be true: ", 1.2.3.4 = 1.2.3.4, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 1.2.3.4 ~ [ 1.2.3.3..1.2.3.5 ], ",", 1.2.3.4 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ [ 1.0.0.0/8+ ];
print " data types; must be true: ", 1.2.3.4 = 1.2.3.4, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 10 ~ is, ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 1.2.3.4 ~ [ 1.2.3.3..1.2.3.5 ], ",", 1.2.3.4 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ [ 1.0.0.0/8+ ];
print " must be true: ", true && true, ",", true || false;
# print " must be true: ", defined(1), ",", defined(1.2.3.4), ",", 1 != 2, ",", 1 <= 2;
print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ [ 2, 3, 4, 7..11 ], ",", 1.2.3.4 ~ [ 1.2.3.3, 1.2.3.5 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1.0.0.0/8 ~ [ 1.0.0.0/8- ], ",", 1.2.0.0/17 ~ [ 1.0.0.0/8{ 15 , 16 } ], ",", true && false;
print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ is, ",", 1.2.3.4 ~ [ 1.2.3.3, 1.2.3.5 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1.0.0.0/9 ~ [ 1.0.0.0/8- ], ",", 1.2.0.0/17 ~ [ 1.0.0.0/8{ 15 , 16 } ], ",", true && false;
px = 1.2.0.0/18;
print "Testing prefixes: 1.2.0.0/18 = ", px;
p = 127.1.2.3;
print "Testing mask : 127.0.0.0 = ", p.mask(8);
print "Testing pairs: (1,2) = ", (1,2);
pp = (1, 2);
print "Testing pairs: (1,2) = ", (1,2), " = ", pp;
print "Testing enums: ", RTS_DUMMY, " ", RTS_STATIC;
s = "Hello";
print "Testing string: ", s, " true: ", s ~ "Hell*", " false: ", s ~ "ell*";
b = true;
print "Testing bool: ", b, ", ", !b;
pxs = [ 1.2.0.0/16, 1.4.0.0/16+];
print "Testing prefix sets: ";
print pxs;
print " must be true: ", 1.2.0.0/16 ~ pxs, ",", 1.4.0.0/16 ~ pxs, ",", 1.4.0.0/18 ~ pxs, ",", 1.4.0.0/32 ~ pxs;
print " must be false: ", 1.1.0.0/16 ~ pxs, ",", 1.3.0.0/16 ~ pxs, ",", 1.2.0.0/15 ~ pxs, ",", 1.2.0.0/17 ~ pxs, ",",
1.2.0.0/32 ~ pxs, ",", 1.4.0.0/15 ~ pxs;
test_pxset([ 10.0.0.0/16{8,12}, 20.0.0.0/16{24,28} ]);
print "What will this do? ", [ 1, 2, 1, 1, 1, 3, 4, 1, 1, 1, 5 ];
print "Testing functions...";
......
/*
* This is an example configuration file.
* FIXME: add all examples from docs here.
*/
# Yet another comment
router id 62.168.0.1;
define xyzzy = (120+10);
function callme(int arg1; int arg2)
int local1;
int local2;
int i;
{
printn "Function callme called arguments ", arg1, " and ", arg2, ":" ;
i = arg2;
case arg1 {
2: print "dva"; print "jeste jednou dva";
3 .. 5: print "tri az pet";
else: print "neco jineho";
}
}
function fifteen()
{
print "fifteen called";
return 15;
}
function paths()
bgpmask pm1;
bgpmask pm2;
bgppath p2;
clist l;
{
pm1 = / 4 3 2 1 /;
pm2 = [= 4 3 2 1 =];
print "Testing path masks: ", pm1, " ", pm2;
p2 = prepend( + empty +, 1 );
p2 = prepend( p2, 2 );
p2 = prepend( p2, 3 );
p2 = prepend( p2, 4 );
print "Testing paths: ", p2;
print "Should be true: ", p2 ~ pm1, " ", p2 ~ pm2;
print "4 = ", p2.len;
p2 = prepend( p2, 5 );
print "Should be false: ", p2 ~ pm1, " ", p2 ~ pm2;
print "Should be true: ", p2 ~ / ? 4 3 2 1 /, " ", p2, " ", / ? 4 3 2 1 /;
print "Should be true: ", p2 ~ [= * 4 3 * 1 =], " ", p2, " ", [= * 4 3 * 1 =];
print "5 = ", p2.len;
pm1 = [= 1 2 * 3 4 5 =];
p2 = prepend( + empty +, 5 );
p2 = prepend( p2, 4 );
p2 = prepend( p2, 3 );
p2 = prepend( p2, 3 );
p2 = prepend( p2, 2 );
p2 = prepend( p2, 1 );
print "Should be true: ", p2 ~ pm1, " ", p2, " ", pm1;
l = - empty -;
l = add( l, (1,2) );
l = add( l, (2,3) );
print "Community list (1,2) (2,3) ", l;
print "Should be true: ", (2,3) ~ l;
l = delete( l, (2,3) );
print "Community list (1,2) ", l;
print "Should be false: ", (2,3) ~ l;
}
function bla()
{
print "fifteen called";
return 15;
}
define four=4;
function test_pxset(prefix set pxs)
{
print " must be true: ", 1000::/8 ~ pxs, ",", 1000::/10 ~ pxs, ",", 1000::/12 ~ pxs, ",",
2000::/24 ~ pxs, ",", 2000:4000::/24 ~ pxs, ",", 2000::/26 ~ pxs, ",",
2000:8000::/26 ~ pxs, ",", 2000::/28 ~ pxs, ",", 2000:FFF0::/28 ~ pxs;
print " must be false: ", 1000::/7 ~ pxs, ",", 1000::/13 ~ pxs, ",", 1000::/16 ~ pxs, ",",
2000::/16 ~ pxs, ",", 2000::/23 ~ pxs, ",", 2000::/29 ~ pxs, ",",
1100::/10 ~ pxs, ",", 2010::/26 ~ pxs;
}
function __startup()
int i;
bool b;
prefix px;
ip p;
pair pp;
int set is;
prefix set pxs;
string s;
{
print "Testing filter language:";
i = four;
i = 12*100 + 60/2 + i;
i = ( i + 0 );
print " arithmetics: 1234 = ", i;
printn " if statements ";
print "what happens here?";
printn ".";
if (i = 4) then { print "*** FAIL: if 0"; quitbird; } else printn ".";
# if !(i = 3) then { print "*** FAIL: if 0"; quitbird; } else printn ".";
if 1234 = i then printn "."; else { print "*** FAIL: if 1 else"; }
# if 1 <= 1 then printn "."; else { print "*** FAIL: test 3"; }
if 1234 < 1234 then { print "*** FAIL: test 4"; quitbird; } else print "ok";
is = [ 2, 3, 4, 7..11 ];
print " must be true: ", 1180::/16 ~ [ 1100::/8{ 15 , 17 } ];
print " data types; must be true: ", 12::34 = 12::34, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 10 ~ is, ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 12::34 ~ [ 12::33..12::35 ], ",", 1020::34 ~ 1000::/8, ",", 1000::/8 ~ 1000::/8, ",", 1000::/8 ~ [ 1000::/8+ ];
print " must be true: ", true && true, ",", true || false;
# print " must be true: ", defined(1), ",", defined(1.2.3.4), ",", 1 != 2, ",", 1 <= 2;
print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ is, ",", 12::34 ~ [ 12::33, 12::35 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1000::/9 ~ [ 1000::/8- ], ",", 1000::/17 ~ [ 1000::/8{ 15 , 16 } ], ",", true && false;
px = 1020::/18;
print "Testing prefixes: 1020::/18 = ", px;
p = 1234:5678::;
print "Testing mask : 1200:: = ", p.mask(8);
pp = (1, 2);
print "Testing pairs: (1,2) = ", (1,2), " = ", pp;
print "Testing enums: ", RTS_DUMMY, " ", RTS_STATIC;
s = "Hello";
print "Testing string: ", s, " true: ", s ~ "Hell*", " false: ", s ~ "ell*";
b = true;
print "Testing bool: ", b, ", ", !b;
pxs = [ 1102::/16, 1104::/16+];
print "Testing prefix sets: ";
print pxs;
print " must be true: ", 1102::/16 ~ pxs, ",", 1104::/16 ~ pxs, ",", 1104::/18 ~ pxs, ",", 1104::/32 ~ pxs;
print " must be false: ", 1101::/16 ~ pxs, ",", 1103::/16 ~ pxs, ",", 1102::/15 ~ pxs, ",", 1102::/17 ~ pxs, ",",
1102::/32 ~ pxs, ",", 1104::/15 ~ pxs;
test_pxset([ 1000::/16{8,12}, 2000::/16{24,28} ]);
print "What will this do? ", [ 1, 2, 1, 1, 1, 3, 4, 1, 1, 1, 5 ];
print "Testing functions...";
# callme ( 1, 2 );
callme ( 2, 2 );
callme ( 2, 2 );
callme ( 3, 2 );
callme ( 4, 2 );
callme ( 7, 2 );
i = fifteen();
print "Testing function calls: 15 = ", i;
paths();
print "done";
quitbird;
# print "*** FAIL: this is unreachable";
}
filter testf
int j;
{
print "Heya, filtering route to ", net.ip, " prefixlen ", net.len, " source ", source;
print "This route was from ", from;
j = 7;
j = 17;
if rip_metric > 15 then {
reject "RIP Metric is more than infinity";
}
rip_metric = 14;
unset(rip_metric);
accept "ok I take that";
}
eval __startup();
\ No newline at end of file
/*
* Filters: Trie for prefix sets
*
* Copyright 2009 Ondrej Zajicek <santiago@crfreenet.org>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
/**
* DOC: Trie for prefix sets
*
* We use a (compressed) trie to represent prefix sets. Every node
* in the trie represents one prefix (&addr/&plen) and &plen also
* indicates the index of the bit in the address that is used to
* branch at the node. If we need to represent just a set of
* prefixes, it would be simple, but we have to represent a
* set of prefix pattern. Each prefix pattern consists of
* &ppaddr/&pplen and two integers: &low and &high, and a prefix
* &paddr/&plen matches that pattern if the first MIN(&plen, &pplen)
* bits of &paddr and &ppaddr are the same and &low <= &plen <= &high.
*
* We use a bitmask (&accept) to represent accepted prefix lengths
* at a node. As there are 33 prefix lengths (0..32 for IPv4), but
* there is just one prefix of zero length in the whole trie so we
* have &zero flag in &f_trie (indicating whether the trie accepts
* prefix 0.0.0.0/0) as a special case, and &accept bitmask
* represents accepted prefix lengths from 1 to 32.
*
* There are two cases in prefix matching - a match when the length
* of the prefix is smaller that the length of the prefix pattern,
* (&plen < &pplen) and otherwise. The second case is simple - we
* just walk through the trie and look at every visited node
* whether that prefix accepts our prefix length (&plen). The
* first case is tricky - we don't want to examine every descendant
* of a final node, so (when we create the trie) we have to propagate
* that information from nodes to their ascendants.
*
* Suppose that we have two masks (M1 and M2) for a node. Mask M1
* represents accepted prefix lengths by just the node and mask M2
* represents accepted prefix lengths by the node or any of its
* descendants. Therefore M2 is a bitwise or of M1 and children's
* M2 and this is a maintained invariant during trie building.
* Basically, when we want to match a prefix, we walk through the trie,
* check mask M1 for our prefix length and when we came to
* final node, we check mask M2.
*
* There are two differences in the real implementation. First,
* we use a compressed trie so there is a case that we skip our
* final node (if it is not in the trie) and we came to node that
* is either extension of our prefix, or completely out of path
* In the first case, we also have to check M2.
* There also might be
* a problem that interval of acceptance (on path from root to the
* final node) might be completely missing (for example if we have
* prefix patterns 192.168.128.0/24{8,10} and 192.168.1.0/24
*
* Second, we really need not to maintain two separate bitmasks.
* Checks for mask M1 are always larger than &applen and we need
* just the first &pplen bits of mask M2 (if trie compression
* hadn't been used it would suffice to know just $applen-th bit),
* so we have to store them together in &accept mask - the first
* &pplen bits of mask M2 and then mask M1.
*
* There are four cases when we walk through a trie:
*
* - we are in NULL
* - we are out of path (prefixes are inconsistent)
* - we are in the wanted (final) node (node length == &plen)
* - we are beyond the end of path (node length > &plen)
* - we are still on path and keep walking (node length < &plen)
*
* The walking code in add_node_to_trie() and trie_match_prefix()
* is structured according to these cases.
*/
#include "nest/bird.h"
#include "conf/conf.h"
#include "filter/filter.h"
/**
* f_new_trie
*
* Allocates and returns a new empty trie.
*/
struct f_trie *
f_new_trie(void)
{
struct f_trie * ret;
ret = cfg_allocz(sizeof(struct f_trie));
return ret;
}
static inline struct f_trie_node *
new_node(int plen, ip_addr paddr, ip_addr pmask, ip_addr amask)
{
struct f_trie_node *n = cfg_allocz(sizeof(struct f_trie_node));
n->plen = plen;
n->addr = paddr;
n->mask = pmask;
n->accept = amask;
return n;
}
static inline void
attach_node(struct f_trie_node *parent, struct f_trie_node *child)
{
parent->c[ipa_getbit(child->addr, parent->plen) ? 1 : 0] = child;
}
static void
add_node_to_trie(struct f_trie *t, int plen, ip_addr ip, ip_addr amask)
{
ip_addr pmask = ipa_mkmask(plen);
ip_addr paddr = ipa_and(ip, pmask);
struct f_trie_node *o = NULL;
struct f_trie_node *n = &t->root;